System disk encryption with remote password input?

1

I tried BitLocker to encrypt the system drive (referred to as 'C' from now on). Since my motherboard does not have a TPM, I need either

  1. to type the key at boot-up, or
  2. to plug in a USB drive that has the key in it.

Option 1 makes remote boot (i.e., WOL) impossible, and option 2 defeats the purpose of encryption (the thief can boot up the system).

I searched Google a lot, and found that Intel AMT might allow me to see the boot-up screen. Unfortunately, I could not find detailed AMT settings in my B85 motherboard (it supports AMT, but it only had flash settings), and the controlling software on Windows was too complicated. The CPU is a Celeron G1840, so maybe it does not support AMT well.

So, I was wondering if there is any system disk encryption software that allows me to type the password at boot-up remotely. I do not think this is technically impossible. The boot loader could support network and let me connect to it using SSH and type the password to unlock the Windows drive.

If there is any such software, please let me know.

Damn Vegetables

Posted 2014-12-16T21:31:18.723

Reputation: 1 914

Question was closed 2014-12-17T07:20:05.013

early-ssh is the Linux version of this if anyone wonders. – LawrenceC – 2014-12-16T21:51:25.073

Answers

1

I have heard of this being supported by BitLocker in Windows 8 and later. I am not sure of your infrastructure; however, I did find some information on TechNet that you might find useful if you want to go the BitLocker path. Below are the prerequisites and a link to the article.

Network Unlock must meet mandatory hardware and software requirements before the feature can automatically unlock domain joined systems. These requirements include:

Supported Windows operating systems: Any computer running the versions of Windows designated in the Applies To list at the beginning of this topic.

Any supported operating system with UEFI DHCP drivers can be Network Unlock clients.

A server running the Windows Deployment Services (WDS) role on any supported server operating system.

BitLocker Network Unlock optional feature installed on any supported server operating system.

A DHCP server, separate from the WDS server.

Properly configured public/private key pairing.

Network Unlock Group Policy settings configured.

The network stack must be enabled to use the Network Unlock feature. Equipment manufacturers deliver their products in various states and with different BIOS menus, so you need to confirm that the network stack has been enabled in the BIOS before starting the computer.

http://technet.microsoft.com/en-us/library/jj574173.aspx

Slyce

Posted 2014-12-16T21:31:18.723

Reputation: 46

According to a Microsoft TechNet answer, a system without a TPM cannot be unlocked over the network. – Damn Vegetables – 2014-12-17T05:09:11.897
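The prerequisites quoted in the answer, and the TPM caveat in the comment above, can be checked from an elevated PowerShell session before anyone invests in a WDS server. The script below is an added example written for this page; it is not part of the question, the answer, or the TechNet article. It assumes the BitLocker and TrustedPlatformModule PowerShell modules available on Windows 8 / Server 2012 and later, and, for the server-side function, the ServerManager module on a Windows Server machine. Function names are the example's own.

```powershell
# Added example: check BitLocker Network Unlock prerequisites on the client
# and on the WDS server. Not code from the answer or from Microsoft.
# Run elevated. Cmdlets used: Get-Tpm, Get-BitLockerVolume, Get-CimInstance,
# Get-WindowsFeature (the last one exists only on Windows Server).

function Test-NetworkUnlockClient {
    param([string]$MountPoint = 'C:')

    $result = [ordered]@{}

    # 1. TPM. Network Unlock is a TPM-based protector, so a board without a
    #    TPM (the asker's situation) fails here regardless of the other checks.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $result.TpmPresent = [bool]($tpm -and $tpm.TpmPresent)
    $result.TpmReady   = [bool]($tpm -and $tpm.TpmReady)

    # 2. Domain membership. The feature only unlocks domain-joined systems.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $result.DomainJoined = [bool]$cs.PartOfDomain

    # 3. UEFI firmware. The TechNet list requires UEFI DHCP drivers; the
    #    firmware_type environment variable reports 'UEFI' or 'Legacy'.
    $result.UefiFirmware = ($env:firmware_type -eq 'UEFI')

    # 4. Protectors on the OS volume. Listing them lets you confirm a
    #    TPM-based protector and a recovery password are both present.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction SilentlyContinue
    if ($vol) {
        $result.ProtectionStatus = "$($vol.ProtectionStatus)"
        $result.KeyProtectors    = ($vol.KeyProtector |
            ForEach-Object { "$($_.KeyProtectorType)" }) -join ', '
        $result.HasTpmProtector  = [bool]($vol.KeyProtector |
            Where-Object { "$($_.KeyProtectorType)" -like 'Tpm*' })
    } else {
        $result.ProtectionStatus = 'Volume not found or BitLocker module missing'
        $result.KeyProtectors    = ''
        $result.HasTpmProtector  = $false
    }

    # Overall verdict: every hardware/OS precondition the answer lists that
    # can be observed from the client itself.
    $result.ClientReady = $result.TpmPresent -and $result.TpmReady -and
                          $result.DomainJoined -and $result.UefiFirmware
    return [pscustomobject]$result
}

function Test-NetworkUnlockServer {
    # Server side: the WDS role and the BitLocker Network Unlock feature must
    # both be installed. The DHCP server must be a separate machine, which
    # this function cannot verify and therefore only reports.
    $features = Get-WindowsFeature -Name 'WDS', 'BitLocker-NetworkUnlock'
    $result = [ordered]@{}
    foreach ($f in $features) {
        $result[$f.Name] = [bool]$f.Installed
    }
    $dhcp = Get-WindowsFeature -Name 'DHCP'
    # Per the prerequisites, DHCP should NOT live on the WDS server.
    $result.DhcpOnSameHost = [bool]$dhcp.Installed
    $result.ServerReady = $result['WDS'] -and $result['BitLocker-NetworkUnlock'] -and
                          -not $result.DhcpOnSameHost
    return [pscustomobject]$result
}

# Usage:
#   Test-NetworkUnlockClient | Format-List
#   Test-NetworkUnlockServer | Format-List   # on the WDS host
```

On a machine like the one in the question (no TPM) the client check reports `TpmPresent: False` and `ClientReady: False` immediately, which is the cheapest way to confirm the comment's point that Network Unlock is not an option there; the protector list is still useful on TPM-equipped machines to verify that a recovery password exists before enabling any network-based protector.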